Microsoft Security Response Center Blog Alerts

CVE-2025-47160 Windows Shortcut Files Security Feature Bypass Vulnerability

Published June 10, 2025

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Published June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Published June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Published June 10, 2025

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

Published June 10, 2025

Improper link resolution before file access (‘link following’) in Windows Installer allows an authorized attacker to elevate privileges locally.

Published June 10, 2025

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

Published June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Published June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Published June 10, 2025

Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

Published June 10, 2025

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.